Re: [reSIProcate] Resiprocate Client with OpenSER server.....trying to establish TLS connection :- Error when verifying server's chain of certificates: unable to get local issuer certificate
hi...
yeah.. I am using root certificate in PEM format as cacert.pem at /resiprocate/resip/certs and I gave path in /etc/ssl/openssl.cnf.
Actually I have given the path for the certs also @ /resiprocate/resip/certs/openssl.cnf. I am confused where exactly is this resiprocate looking for the exact path for the root CA certificate for verification of Server certificate. Correct me if I am wrong.
The following message is being seen in my logs....
=====================================================================
Error whennnnnnnn verifying server's chain of certificates: self signed certificate in certificate chain, depth=1 /CN=OpenSER/ST=SIP/C=IP/emailAddres
ilnCode = 0
TLS connection failed ok=-1 err=1 error:00000001:lib(0):func(0):reason(1)
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error code = 336134278 file=s3_clnt.c line=89401:lib(0):func(0):reason(1)
Couldn't TLS connect
=====================================================================
I will be very much obliged at your kind n earliest response....
Thanks and regards,
Kundan.
On 5/1/07, Ryan Kereliuk <ryker@xxxxxxxxx> wrote:
Are you sure you have the root certificate in PEM format in a location
that resiprocate is looking at? If you enable DebugLog logging, do you
see a message like "Trying to load file <your_root_cert_file>"?
Thanks,
-Ryan
On 2007-05-01 at 17h43, Kundan Kumar wrote:
>
> While attempting TLS connection through resiprocate with openSER server
> ...giving following errors:
> =======================================================================
> Error when verifying server's chain of certificates: unable to get local
> issuer certificate, depth=0 /C=IN/ST=AP/O=OC/OU=OCD/CN=VPN/emailAddre
> ========================================================================
>
> I generated root certificate using openssl and modified openssl.cnf placed
> at /etc/ssl/openssl.cnf and resiprocate/resip/certs/openssl.cnf ..... I have
> added the cacert.pem at the resiprocate client also.
>
> Can anyone help me regarding above problem??
--
KUNDAN KUMAR.....